BullGuard
VIRUS CLEAN HELP
   

Alfonso
New Member


Date Joined Dec 2005
Total Posts : 11
 
Posted 12/6/2005 8:29 PM (GMT +2)
I need some help with my computer, I think it has some virus, can anyone help me please???

Here is my HJT log:
 
 
Logfile of HijackThis v1.99.1
Scan saved at 11:52:39 AM, on 12/6/2005
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Wintab32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\HPLRA.EXE
C:\WINDOWS\System32\ccwtup32.exe
C:\WINDOWS\GTCO\wtxpload.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\GTCO\xpoint32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MediaGateway\MediaGateway.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Kine\Runner.EXE
C:\WINDOWS\system32\wincntrl.exe
C:\temp\atiupdate.exe
D:\WinZip\WINZIP32.EXE
D:\WINZIP\wzqkpick.exe
C:\temp\wz19c8\HijackThis.exe
F0 - system.ini: Shell=progman.exe
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebyv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RegAgent] C:\WINDOWS\HPLRA.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton Antivirus] nortonav.exe
O4 - HKCU\..\RunServices: [Norton Antivirus] nortonav.exe
O4 - Startup: Camio Viewer 2.0.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: SMP/IS Help Home Page - {7C99025F-7982-42DD-826C-A744AD61A036} - C:\Program Files\MMI\helpsys\index.htm
O9 - Extra 'Tools' menuitem: &SMP/IS Help - {7C99025F-7982-42DD-826C-A744AD61A036} - C:\Program Files\MMI\helpsys\index.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Plus!\Microsoft Internet\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129572530937
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: gebyv - C:\WINDOWS\SYSTEM32\gebyv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe
 
 
 
 
 
 

JSntgvr
Senior Member




Date Joined Nov 2005
Total Posts : 605
 
Posted 12/7/2005 10:32 PM (GMT +2)
Please print these instructions out for use in Safe Mode.
 
Please download VundoFix.exe to your desktop:
 
 
Double-click VundoFix.exe to extract the files.

This will create a VundoFix folder on your desktop.

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat.

You will first be presented with a warning.
It should look like this:

 
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk.

Press enter to continue
 
At this point press Enter one time.

Next you will see:
 
Please Type in the filepath as instructed by the forum staff
and then press enter:
 
At this point please type the following file path (make sure to enter it exactly as below!):
 
C:\WINDOWS\System32\gebyv.dll
 
Press Enter to continue with the fix.

Next you will see:
 
Please type in the second filepath as instructed by the forum
staff then press enter:
 
At this point please type the following file path (make sure to enter it exactly as below!):
 
C:\WINDOWS\system32\vybeg.*
 
Press Enter to continue with the fix.
 
The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.

In HijackThis, please place a check next to the following items and click FIX CHECKED:
 
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebyv.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\SYSTEM32\gebyv.dll
 
After you have fixed these items, close HijackThis.
 
Press enter to exit the program then manually reboot your computer.
 
The fix will tell you to shut down using the Power button. Hold in your power button until the computer shuts down. Wait about 15 seconds and then restart the computer into regular Windows.
Chkdsk will run. This is normal. It will take a few minutes and is checking your file system because of the Bad Shutdown we caused.
 
Once your machine reboots please continue with the instructions below.
 
Perform an ActiveScan:
 
 
Save the report to the desktop.
 
Run HijackThis and post a fresh log and the vundofix.txt file from the vundofix folder, as well as the ActiveScan.
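
Added example, not part of the original thread or of VundoFix: a short Python triage script that parses HijackThis entry lines and reports any DLL registered both as a BHO (O2) and as a Winlogon Notify package (O20), the pairing the reply above marks for fixing. The sample lines are copied from the log in the first post; the function names are hypothetical, and the reversed-name wildcard only mirrors the relationship between the two paths given in the reply (gebyv / vybeg), which is assumed rather than verified to hold for other logs.

```python
import re
from collections import defaultdict

# Sample input: a few entry lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\gebyv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\SYSTEM32\gebyv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe
"""

# Entry lines start with a group code such as F0, O2, O20, O23.
ENTRY = re.compile(r"^(?P<group>[A-Z]\d+) - (?P<body>.*)$")

def parse(log):
    """Yield (group, body, path) per entry line; path is the last ' - ' field."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            path = m["body"].rsplit(" - ", 1)[-1].strip()
            yield m["group"], m["body"], path

def bho_and_notify_dlls(log):
    """Return DLL paths (lower-cased, since Windows paths are case-insensitive)
    that appear under both O2 (BHO) and O20 (Winlogon Notify)."""
    groups = defaultdict(set)
    for group, _body, path in parse(log):
        if path.lower().endswith(".dll"):
            groups[path.lower()].add(group)
    return sorted(p for p, g in groups.items() if {"O2", "O20"} <= g)

def reversed_companion(dll_path):
    """Build the reversed-base-name wildcard, mirroring the reply's second path.
    Assumption: the gebyv/vybeg relationship seen in this thread."""
    folder, _, name = dll_path.rpartition("\\")
    base = name.rsplit(".", 1)[0]
    return f"{folder}\\{base[::-1]}.*"

if __name__ == "__main__":
    for dll in bho_and_notify_dlls(SAMPLE_LOG):
        print("review:", dll, "| companion files:", reversed_companion(dll))
```

A hit from this script is only a pointer for manual review of the two entries; the Spy Sweeper notifier in the same log is an O20 entry with no matching O2 and is not reported.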